Description
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Summary
Bypass of the fixes for the following advisories:
- https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m
- https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35
An authenticated user can inject CRLF sequences directly into app.ini and thereby change the values of test_config_cmd and start_cmd, the commands Nginx-UI runs on the host. The result is authenticated remote code execution.
Impact
Authenticated remote code execution on the host.
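The mechanism the advisory describes, as an added illustration that is not Nginx-UI's own code: a writer that copies a user-supplied setting into an INI file verbatim lets a value containing "\r\n" start a new line, and that line can redefine a command key that the daemon later executes. The section name, the editable `log_path` key, the payload and the minimal last-key-wins parser are all assumptions made for this example; the real app.ini layout and edit path are not on this page. The hardened writer rejects control characters in keys and values and re-parses what it wrote to confirm that only the intended keys came back.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
	"unicode"
)

type entry struct{ key, value string }

// Constructed baseline (assumption): the two command settings the advisory
// names, placed in a hypothetical [nginx] section.
var baseline = []entry{
	{"test_config_cmd", "nginx -t"},
	{"start_cmd", "nginx"},
}

// Hypothetical setting an authenticated user is allowed to edit.
const editableKey = "log_path"

// Constructed payload: a plausible value, then CRLF, then a second start_cmd
// line that the parser will pick up as if it were a real setting.
const payload = "/var/log/nginx/access.log\r\nstart_cmd = sh -c 'id > /tmp/pwned'"

// parseINI is a minimal section/key parser in which the last duplicate key
// wins, which is what lets the injected line override the original one.
func parseINI(src string) map[string]map[string]string {
	out := map[string]map[string]string{}
	section := ""
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text()) // also strips a stray trailing \r
		switch {
		case line == "" || strings.HasPrefix(line, ";") || strings.HasPrefix(line, "#"):
			continue
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			section = line[1 : len(line)-1]
		default:
			k, v, ok := strings.Cut(line, "=")
			if !ok {
				continue
			}
			if out[section] == nil {
				out[section] = map[string]string{}
			}
			out[section][strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return out
}

// renderSectionUnsafe reproduces the flawed pattern: values go into the file
// exactly as supplied, so CR/LF inside a value becomes a new line.
func renderSectionUnsafe(section string, entries []entry) string {
	var b strings.Builder
	fmt.Fprintf(&b, "[%s]\n", section)
	for _, e := range entries {
		fmt.Fprintf(&b, "%s = %s\n", e.key, e.value)
	}
	return b.String()
}

// validateINIValue rejects any character that can end the current line or
// otherwise alter the file structure (CR, LF and all other control characters).
func validateINIValue(s string) error {
	for _, r := range s {
		if r == '\r' || r == '\n' || unicode.IsControl(r) {
			return fmt.Errorf("control character %U not allowed in config text", r)
		}
	}
	return nil
}

// renderSectionSafe validates every key and value, writes the section, then
// parses it back and checks that exactly the intended keys and values appear.
// The round trip is defence in depth against any escape the validator misses.
func renderSectionSafe(section string, entries []entry) (string, error) {
	for _, e := range entries {
		for _, s := range []string{e.key, e.value} {
			if err := validateINIValue(s); err != nil {
				return "", fmt.Errorf("entry %q: %w", e.key, err)
			}
		}
	}
	out := renderSectionUnsafe(section, entries)
	got := parseINI(out)[section]
	if len(got) != len(entries) {
		return "", errors.New("rendered section does not round-trip: unexpected key count")
	}
	for _, e := range entries {
		if got[e.key] != e.value {
			return "", fmt.Errorf("entry %q changed on round-trip", e.key)
		}
	}
	return out, nil
}

func main() {
	entries := append(append([]entry{}, baseline...), entry{editableKey, payload})
	rendered := renderSectionUnsafe("nginx", entries)
	fmt.Printf("unsafe writer: start_cmd read back as %q\n", parseINI(rendered)["nginx"]["start_cmd"])
	if _, err := renderSectionSafe("nginx", entries); err != nil {
		fmt.Println("safe writer rejected the payload:", err)
	}
}
```

Rejecting control characters at write time is the fix that closes the CRLF vector regardless of which key the attacker is allowed to edit; restricting the command keys alone leaves every other writable field as a path to them.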
Packages
github.com/0xJacky/Nginx-UI
Affected versions: < 2.0.0-beta.12
Patched version: 2.0.0-beta.12
Related vulnerabilities
Nginx-UI is a web interface for managing Nginx configurations. It is vulnerable to authenticated arbitrary command execution via CRLF injection that changes the value of test_config_cmd or start_cmd. The vulnerability exists because the fixes for CVE-2024-22197 and CVE-2024-22198 were incomplete. It has been patched in version 2.0.0-beta.12.
A vulnerability in the app.ini configuration file of the Nginx UI web interface for the nginx server allows an attacker to execute arbitrary code.